Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
PSN and PN passwords
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Feedback
- :
- Plusnet Feedback
- :
- Re: PSN and PN passwords
- « Previous
-
- 1
- 2
- Next »
Re: PSN and PN passwords
27-04-2011 3:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
avatastic,
re the routers they are self configuring but only new ones supplied by ourselves.
phil4,
What I've mentioned is what should happen, agents should not ask for the full password. So I'll check your account and pass on some feedback if I can spot who did that.
The official line here is that agents should be asking for two characters (first two/last two/first and last etc).
Also agents cannot see full billing details.
re the routers they are self configuring but only new ones supplied by ourselves.
phil4,
Quote Hi, I'd like to confirm this is incorrect, I have experience more than once, your support agents asking for my full password.
What I've mentioned is what should happen, agents should not ask for the full password. So I'll check your account and pass on some feedback if I can spot who did that.
The official line here is that agents should be asking for two characters (first two/last two/first and last etc).
Also agents cannot see full billing details.
Re: PSN and PN passwords
30-04-2011 8:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I think the issue is (if I'm reading it correctly), is it possible for anyone on an outside network (I say possible, not feasible) and obtain peoples usernames and passwords in an unencrypted format or are the passwords inside PN's system on a separate network where even if PN's internal servers were compromised there would be no possible way for the persons doing it to obtain the information? For instance, the link you describe for your staff to view the password, can it only be viewed by an IP address that comes from the internal network and such?
Re: PSN and PN passwords
30-04-2011 9:50 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It's on a internal. secure network, only staff with registered accounts can log in with their secure passwords or keyfobs.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Re: PSN and PN passwords
30-04-2011 10:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Then I really can't see any issue with PN having the passwords unencrypted as there is no way for them to be taken internally. I naturally assume that all passwords which are not internal (for instance, logging into the portal or DSL login details) are encrypted?
Re: PSN and PN passwords
01-05-2011 7:46 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi David, appreciate your point of view,
My understanding of the preceeding statements is that, DSL login details, and portal (as opposed to forum) passwords are one and the same, and unencrypted.
Having a few years of IT security experience behind me there are many many facets to consider. For example, if a hacker can hack into the internal network, having the passwords on the internal secure network provides no additional security.
Next up, as the staff need registered accounts, secure passwords etc, we should consider aspects of their staff joiner, leaver and screening policies, their internal password policy, and the proven or otherwise efficiency of the mechanism used to allow access to the passwords. And more. A good example would be that you'd hope Plusnet are ISO 27002 certified, or at least trying to behave like they are.
What I think I'm saying is that demonstrating that the passwords are unencrypted yet securely stored, is pretty complex.
Quote from: David I naturally assume that all passwords which are not internal (for instance, logging into the portal or DSL login details) are encrypted?
My understanding of the preceeding statements is that, DSL login details, and portal (as opposed to forum) passwords are one and the same, and unencrypted.
Having a few years of IT security experience behind me there are many many facets to consider. For example, if a hacker can hack into the internal network, having the passwords on the internal secure network provides no additional security.
Next up, as the staff need registered accounts, secure passwords etc, we should consider aspects of their staff joiner, leaver and screening policies, their internal password policy, and the proven or otherwise efficiency of the mechanism used to allow access to the passwords. And more. A good example would be that you'd hope Plusnet are ISO 27002 certified, or at least trying to behave like they are.
What I think I'm saying is that demonstrating that the passwords are unencrypted yet securely stored, is pretty complex.
Re: PSN and PN passwords
01-05-2011 11:07 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
One way to find out if the portal is hashed is to use the "forgot my password" feature, if the password is sent to you then it isn't hashed, if however the password is reset then it would tend to lean towards it being hashed as the password isn't known to return it to you.
I checked, it gave me my password and displayed it which means all our passwords are available on the outside network and are stored unencrypted, this is a bit of a security risk I do agree.
I checked, it gave me my password and displayed it which means all our passwords are available on the outside network and are stored unencrypted, this is a bit of a security risk I do agree.
Re: PSN and PN passwords
03-05-2011 10:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Passwords are like underwear. You shouldn't leave them out where people can see them. You should change them regularly. And you shouldn't loan them out to strangers! - An easy way of keeping secure!
That aside, I think PN is totally flawed due to the un + e mail combo - give out your email address and you've given half your security away! Hence we do not use PN for email.
I think PN should implement a mem word system with 3 characters of mem word to use before a log in, also 3 to be used over the phone so full words / passwords / user names aren't used or seen, it only takes one member of the PNCST to wreak havoc!
Look at what has happened to Sony! It isn't if it will happen, it is 'when' it will happen.
Come on PN time to tighten up, lock down, get secure - and for users out there, don't use McCoffee Anti Caffine.
That aside, I think PN is totally flawed due to the un + e mail combo - give out your email address and you've given half your security away! Hence we do not use PN for email.
I think PN should implement a mem word system with 3 characters of mem word to use before a log in, also 3 to be used over the phone so full words / passwords / user names aren't used or seen, it only takes one member of the PNCST to wreak havoc!
Look at what has happened to Sony! It isn't if it will happen, it is 'when' it will happen.
Come on PN time to tighten up, lock down, get secure - and for users out there, don't use McCoffee Anti Caffine.
- « Previous
-
- 1
- 2
- Next »
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page